GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2022-2321
was published
for
github.com/heroiclabs/nakama/v3
(Go)
Jul 6, 2022
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms
Moderate
CVE-2022-39314
was published
for
getkirby/cms
(Composer)
Oct 18, 2022
wger vulnerable to brute force attempts
Critical
CVE-2022-2650
was published
for
wger
(pip)
Nov 24, 2022
usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts
Moderate
CVE-2022-4797
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
Improper Restriction of Excessive Authentication Attempts in modoboa
High
CVE-2023-0860
was published
for
modoboa
(pip)
Feb 16, 2023
No protection against brute-force attacks on login page
High
CVE-2023-25156
was published
for
kiwitcms
(pip)
Feb 15, 2023
XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
High
CVE-2023-26476
was published
for
org.xwiki.platform:xwiki-platform-livetable-ui
(Maven)
Mar 3, 2023
Answer has Guessable CAPTCHA
Moderate
CVE-2023-1539
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
High
CVE-2023-29005
was published
for
Flask-AppBuilder
(pip)
Apr 10, 2023
Improper Restriction of Excessive Authentication Attempts in calibreweb
Moderate
CVE-2022-2525
was published
for
calibreweb
(pip)
Apr 15, 2023
Improper Restriction of Excessive Authentication Attempts in Sorcery
High
CVE-2020-11052
was published
for
sorcery
(RubyGems)
May 7, 2020
No Restriction of Excessive Authentication Attempts in Firefly III
Moderate
CVE-2021-3663
was published
for
grumpydictator/firefly-iii
(Composer)
Aug 9, 2021
Pimcore 2FA Vulnerable to Brute Forcing
Critical
CVE-2019-18985
was published
for
pimcore/pimcore
(Composer)
May 24, 2022
web2py is vulnerable to password brute-force attack
Critical
CVE-2016-10321
was published
for
web2py
(pip)
May 14, 2022
OctoPrint does not have rate limiting on the login page
Low
CVE-2022-2822
was published
for
OctoPrint
(pip)
Aug 16, 2022
Pimcore Discloses Usernames In Use
High
CVE-2019-18986
was published
for
pimcore/pimcore
(Composer)
May 24, 2022
Keycloak Improper Bruteforce Detection
High
CVE-2018-14657
was published
for
org.keycloak:keycloak-parent
(Maven)
May 13, 2022
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2023-3173
was published
for
froxlor/froxlor
(Composer)
Jun 9, 2023
AzuraCast missing brute force prevention
Critical
CVE-2023-2531
was published
for
azuracast/azuracast
(Composer)
May 5, 2023
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character
High
CVE-2015-20110
was published
for
generator-jhipster
(npm)
Oct 31, 2023
LibreNMS vulnerable to rate limiting bypass on login page
Moderate
CVE-2023-46745
was published
for
librenms/librenms
(Composer)
Nov 17, 2023
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability
High
CVE-2023-49810
was published
for
wwbn/avideo
(Composer)
Jan 10, 2024
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Moderate
CVE-2024-21500
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Devise-Two-Factor vulnerable to brute force attacks
Moderate
CVE-2024-0227
was published
for
devise-two-factor
(RubyGems)
Jan 12, 2024
•
withdrawn
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
Moderate
CVE-2024-21662
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Mar 18, 2024
ProTip!
Advisories are also available from the
GraphQL API